Page Contents

Home > @loopback/security > Subject

Subject interface

Subject represents both security state and operations for a single request. It’s the who for security.

Such operations include: - authentication (login) - authorization (access control) - session access - logout

Signature:

export interface Subject 

Properties

Property Modifiers Type Description

authorities

Set<Permission>

An array of authorities granted by the user to the client application. One example is {@link https://tools.ietf.org/html/rfc6749#section-3.3 | oAuth2 scopes).

credentials

Set<Credential>

An array of credentials, such as password, access token, or private/public keys.

principals

Set<TypedPrincipal>

An array of principals. It can include information about the current user, the client application, and granted authorities.

Subject represents both security state and operations for a single application user.

Such operations include: - authentication (login) - authorization (access control) - session access - logout